locked
FIM: Why attributes in the metaverse are not present in ADMA connector space? RRS feed

  • Question

  • I have an annoying problem. I configured in fim portal Active Directory in/outbound sync rules for groups and users. I setted outbound attribute flows:

    (e.g. for in/outbound group sync rule)

    - cn -> cn

    - description -> description

    - displayedOwner -> managedBy

    - displayName -> displayName

    - mail -> mail

    - mailNickname -> mailNickname

    - member -> member

    - objectSid -> objectSid

    - CustomExpression(IIF(Eq(type,"Distribution"),IIF(Eq(scope,"Universal"),8,IIF(Eq(scope,"Global"),2,4)..................->groupType

    - "cn="+displayName+.....................->dn (initial flow only)

    - accountName -> sAMAccountName (initial flow only)

    In Synchronization Service Manager, I configured attribute flows for both FIMMA and ADMA and specifically  for users, groups, ou in ADMA, detectedRuleEntry, ExpectedRuleEntry, Person, Group, SynchronizationRule in FIMMA. I configured all attribute flows as possible (import and export flows for all of them) like outbound synchronization rules configured in the portal.

    1) Are these steps correct?

    2) How I have to configure "Configure deprovisioning" in Management Agent Designer?

    3) Must I configure all attribute flows  for the in/outbound sync rules in the portal and for FIMMA and ADMA (as I did)? Or only in the portal?

    4) I have this problem:

    I run Full Import, Full Synchronization for ADMA first to import Active Directory OUs. I run Full Import, Full Sync, Export and Delta Import for FIMMA. I run export and delta import for ADMA. All groups and users are created but their attributes are only initial flow only attributes (dn and sAMAccountName) plus some others attributes.

    I notice that these and only these attributes are present in the connector space of ADMA wherease all attributes are correctly present in the metaverse. Why not all metaverse attributes are present in the connector space? What can I do? In this situation I have not attributes like member, email, manager etc..

    • Moved by Anca Popa Monday, July 11, 2011 11:03 AM English and not Italian (From:Sicurezza, Microsoft Forefront, Gestione degli Accessi e delle Identità)
    Monday, July 11, 2011 10:52 AM

Answers

  • On Mon, 11 Jul 2011 10:52:26 +0000, greenmp86 wrote:

    I notice that these and only these attributes are present in the connector space of ADMA wherease all attributes are correctly present in the metaverse. Why not all metaverse attributes are present in the connector space? What can I do? In this situation I have not attributes like member, email, manager etc..

    When you created the AD MA you didn't select these attributes. You'll need
    to go into the properties of the AD MA and select the missing ones.


    Paul Adare
    MVP - Identity Lifecycle Manager
    http://www.identit.ca
    Swap read error.  You lose your mind.

    Monday, July 11, 2011 12:29 PM

All replies

  • I specify that missing attributes flows are configured for ADMA but I don't understand why they're not present in the connector space.
    Monday, July 11, 2011 11:04 AM
  • hi greenmp86,

    I have some trouble understanding your question.

    You have configured attributes in a synchronization rule for the ADMA correct?

    This rules has import attribute flows from the connector space to the metaverse, but you don't see that attribute values are imported and synced from the connector space to the metaverse.

    So bottom line your object within the metaverse is created but does not have any attribute values?

     


    Need realtime FIM synchronization? check out the new http://www.traxionsolutions.com/imsequencer that supports FIM 2010 and Omada Identity Manager real time synchronization!
    Monday, July 11, 2011 12:28 PM
  • On Mon, 11 Jul 2011 10:52:26 +0000, greenmp86 wrote:

    I notice that these and only these attributes are present in the connector space of ADMA wherease all attributes are correctly present in the metaverse. Why not all metaverse attributes are present in the connector space? What can I do? In this situation I have not attributes like member, email, manager etc..

    When you created the AD MA you didn't select these attributes. You'll need
    to go into the properties of the AD MA and select the missing ones.


    Paul Adare
    MVP - Identity Lifecycle Manager
    http://www.identit.ca
    Swap read error.  You lose your mind.

    Monday, July 11, 2011 12:29 PM
  • Now it works. I putted flows into ADMA configuration. With no flows, all work! Thank you very much.
    Saturday, July 16, 2011 8:54 AM